Chirpstack v4 API over HTTPS

Greetings,
I am trying to access the API over HTTPS on ChirpStack v4, but I am getting a 404 Not Found error.

I have v4.3.2 running on Debian. HTTPS is configured via nginx. The ChirpStack web GUI is working fine.
If I disable nginx, the web API also works and I am getting good responses. E.g. http://mydomain:8090/api/gateways?limit=10 returns the gateway list.

But once I re-enable nginx and ufw, the above method does not work anymore, and neither does https://mydomain/api/gateways?limit=10

Can anyone help with what I am doing incorrectly? I am kind of stuck.
I have looked at this article - it says the web API over HTTPS is not supported in v4?

Here is additional info:

environment

BIND=0.0.0.0:8090
SERVER=0.0.0.0:8080

# Comment out to enable TLS
INSECURE=true
CORS="*"

chirpstack.toml

# API interface configuration.
[api]

# interface:port to bind the API interface to.
bind="0.0.0.0:8080"

# Secret.
#
# This secret is used for generating login and API tokens, make sure this
# is never exposed. Changing this secret will invalidate all login and API
# tokens. The following command can be used to generate a random secret:
# openssl rand -base64 32
secret="you-must-replace-this"

[integration]
enabled=["mqtt"]

[integration.mqtt]
server="tcp://localhost:1883/"
json=true

nginx default

server {

    location / {
        proxy_pass http://localhost:8080;
    }

    location ^~ /api {
        grpc_pass grpc://localhost:8090;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 ;
    listen [::]:80 ;
    server_name mydomain.com;
    return 404; # managed by Certbot

}

ufw

debian:/etc$ sudo ufw status
Status: active

To                         Action      From
22                         ALLOW       Anywhere
1700                       ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
1700 (v6)                  ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

Thanks

In v4, API is not bundled by default.

I have installed the ChirpStack API already, and it works OK over HTTP (via Swagger and via Postman), but it does not work if I switch to HTTPS (via nginx). So the question is more about HTTPS: is the API supported for secure HTTP?

Yes.
https://lorawan.easylorawan.com/swagger-ui/

Good, so back to my initial question: there is something incorrect in my setup which prevents accessing my ChirpStack over HTTPS. What am I doing wrong?

This is not correct.
It is still http proxy_pass. Not grpc

location ^~ /api {
grpc_pass grpc://localhost:8090;
}

Hi datnus,
Thanks for the suggestion.
Proxy_pass requires http or https as per nginx article

If I change grpc_path to proxy_path, then nginx fails to start

 location /api/ {
    rewrite /api/(.*) /api/$1  break;
    proxy_pass http://localhost:8090/;
    proxy_redirect     off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_read_timeout 86400s;
    proxy_send_timeout 86400s;
}

# https://www.nginx.com/blog/nginx-1-13-10-grpc/
location /api.InternalService {
    grpc_pass grpc://localhost:8080;
    grpc_read_timeout 86400s;
    grpc_send_timeout 86400s;
}
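
Added example, not part of the original posts and not ChirpStack or nginx code: a small Python model of nginx prefix-location selection, showing which upstream and protocol a request path reaches under the question's server block and under the locations from the answer above. It assumes no regex locations are present, and the sample request paths are constructed.

```python
# Models nginx location selection for the two configurations in this thread.
# Assumption: only "=", "^~" and plain prefix locations exist (no regex locations),
# so the winner is an exact match if present, otherwise the longest matching prefix.

ORIGINAL = [  # locations from the question's server block
    ("", "/", "proxy_pass http://localhost:8080"),
    ("^~", "/api", "grpc_pass grpc://localhost:8090"),
]
FIXED = [  # "/" kept from the question, the other two taken from the answer
    ("", "/", "proxy_pass http://localhost:8080"),
    ("", "/api/", "proxy_pass http://localhost:8090/"),
    ("", "/api.InternalService", "grpc_pass grpc://localhost:8080"),
]

def select_location(locations, uri):
    """Return (prefix, directive) of the location nginx would pick, or None."""
    path = uri.split("?", 1)[0]  # matching uses the path, not the query string
    best = None
    for modifier, prefix, directive in locations:
        if modifier == "=":
            if path == prefix:
                return prefix, directive  # exact match wins immediately
            continue
        if path.startswith(prefix) and (best is None or len(prefix) > len(best[0])):
            best = (prefix, directive)  # keep the longest matching prefix
    return best

def upstream_protocol(locations, uri):
    """'grpc' or 'http', depending on the directive of the selected location."""
    match = select_location(locations, uri)
    if match is None:
        return None
    return "grpc" if match[1].startswith("grpc_pass") else "http"

# Constructed sample requests: a REST call, a gRPC call and a web UI page.
SAMPLES = ["/api/gateways?limit=10", "/api.InternalService/Login", "/index.html"]

def routing_table(locations):
    """Map each sample URI to (selected location, upstream protocol)."""
    return {u: (select_location(locations, u), upstream_protocol(locations, u))
            for u in SAMPLES}

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name)
        for uri, (match, proto) in routing_table(conf).items():
            print(f"  {uri:30} -> {match[1]:36} [{proto}]")
```
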

That did the trick! The API over HTTPS is working now. Many thanks!


What do you mean, API is not bundled by default? Does this mean grpc doesn’t work out of the box?

The gRPC API is included by default and works out of the box. The REST API has been moved to a separate repository/service:

https://www.chirpstack.io/docs/chirpstack/api/rest.html